VPN through Cisco Router

marcusaureliusbrutusmarcusaureliusbrutus Member Posts: 73 ■■□□□□□□□□
in CCNP
Hi. I just wish to ask if it's possible to set up two crypto maps in just one router where one crypto map has one ip peer and another crypto map has another ip peer. I tried doing this before but it only works for one peer and not the other.

Thanks.
· Share on FacebookShare on Twitter

Comments

  • mikearamamikearama Member Posts: 749
    No, I don't believe you can have multiple crypto maps... you certainly can't on the PIX.

    Actually, you can have as many maps as you like, but you can only apply one to an interface. Yeah, that's it. One crypto map to an interface, but you can list mutiple peers inside it, assuming that all the peers can use the same transforms/policies.

    EDIT: found this link:
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

    Shows that as long as the name of the map stays consistent, but the sequence number changes, you can apply a crypto map "set" to an interface. Scan down the page to the Apply Crypto Map to Interface section.

    Mike
    There are only 10 kinds of people... those who understand binary, and those that don't.

    CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

    Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
    · Share on FacebookShare on Twitter
  • marcusaureliusbrutusmarcusaureliusbrutus Member Posts: 73 ■■□□□□□□□□
    Hi. Thank you for replying. Is it possible if i have two crypto maps and i would apply one crypto map on one interface and another crypto map on another interface?

    Thanks.
    · Share on FacebookShare on Twitter
  • mikearamamikearama Member Posts: 749
    Ah, that's where you're going. Gotcha.

    As the maps are tied to the interface, you should have no issue.

    Here's a great link doing what you describe:
    Terminating IPSec Tunnels on Multiple Cisco Secure PIX Firewall Interfaces with Xauth - Cisco Systems
    There are only 10 kinds of people... those who understand binary, and those that don't.

    CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

    Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
    · Share on FacebookShare on Twitter
  • mzinzmzinz Member Posts: 328
    marcusaureliusbrutus wrote: »
    Hi. Thank you for replying. Is it possible if i have two crypto maps and i would apply one crypto map on one interface and another crypto map on another interface?

    Thanks.

    Both of those are public interfaces, correct? ie: they have public IP's and connect directly to the internet?
    _______LAB________
    2x 2950
    2x 3550
    2x 2650XM
    2x 3640
    1x 2801
    · Share on FacebookShare on Twitter
  • marcusaureliusbrutusmarcusaureliusbrutus Member Posts: 73 ■■□□□□□□□□
    Hi Guys,

    Just to make sure i get it right, if i have two interfaces with public interfaces, connected to two different ISPs, and i have two crypto maps each with its own peer address, i should be able to establish two vpn tunnels? What if the peer address is the same. I mean i would enable one crypto map on both interfaces pointing to just one peer IP, is this possible?
    · Share on FacebookShare on Twitter
Sign In or Register to comment.